7,137
edits
Docker OpenWrt Image: Difference between revisions
Jump to navigation
Jump to search
→雑多なメモ
(→雑多なメモ) |
|||
| (26 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=Docker OpenWrt Image= | =Docker OpenWrt Image= | ||
==はじめの第一歩== | |||
<syntaxhighlight lang="bash" enclose="div"> | <syntaxhighlight lang="bash" enclose="div"> | ||
docker import https://downloads.openwrt.org/snapshots/targets/x86/64/openwrt-x86-64-generic-rootfs.tar.gz openwrt-x86-64-generic-rootfs | docker import https://downloads.openwrt.org/snapshots/targets/x86/64/openwrt-x86-64-generic-rootfs.tar.gz openwrt-x86-64-generic-rootfs | ||
docker images | docker images | ||
docker run -i openwrt-x86-64-generic-rootfs cat /etc/banner | docker run --rm -i openwrt-x86-64-generic-rootfs cat /etc/banner | ||
docker run -i -t openwrt-x86-64-generic-rootfs /bin/ash | docker run --rm -i -t openwrt-x86-64-generic-rootfs /bin/ash | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==つかえる OpenWrt 環境構築== | |||
Head はいろいろ問題点があったりするのでリリース版で | |||
<syntaxhighlight lang="bash" enclose="div"> | <syntaxhighlight lang="bash" enclose="div"> | ||
wget https://downloads.openwrt.org/releases/18.06.1/targets/x86/64/openwrt-18.06.1-x86-64-generic-rootfs.tar.gz | |||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang=" | Dockerfile: | ||
<syntaxhighlight lang="text" enclose="div"> | |||
FROM scratch | |||
ADD ./openwrt-18.06.1-x86-64-generic-rootfs.tar.gz / | |||
EXPOSE 80 443 22 | |||
ADD network /etc/config/network | |||
USER root | |||
CMD ["/sbin/init"] | |||
</syntaxhighlight> | </syntaxhighlight> | ||
network: | |||
<syntaxhighlight lang="text" enclose="div"> | <syntaxhighlight lang="text" enclose="div"> | ||
config interface 'loopback' | |||
option ifname 'lo' | option ifname 'lo' | ||
option proto 'static' | option proto 'static' | ||
option ipaddr '127.0.0.1' | option ipaddr '127.0.0.1' | ||
option netmask '255.0.0.0' | option netmask '255.0.0.0' | ||
config interface 'lan' | config interface 'lan' | ||
| Line 36: | Line 42: | ||
option ipaddr '172.17.0.2' | option ipaddr '172.17.0.2' | ||
option netmask '255.255.0.0' | option netmask '255.255.0.0' | ||
option | option gateway '172.17.0.1' | ||
option | option delegate '0' | ||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
docker build -t openwrt-18.06.1-x86-64-generic-rootfs:latest . | |||
docker run -d --name openwrt --device /dev/kmsg --tmpfs /tmp --cap-add NET_ADMIN -p 8822:22 -p 8880:80 openwrt-18.06.1-x86-64-generic-rootfs:latest | |||
docker exec -it openwrt /bin/ash | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
docker exec -it openwrt uci set network.lan.ipaddr='`docker inspect --format="{{ .NetworkSettings.IPAddress }}" openwrt`' | |||
docker exec -it openwrt uci commit | |||
docker exec -it openwrt /etc/init.d/odhcpd disable | |||
docker exec -it openwrt /etc/init.d/dnsmasq disable | |||
docker exec -it openwrt /etc/init.d/sysntpd disable | |||
docker restart openwrt | |||
</syntaxhighlight> | |||
==雑多なメモ== | |||
OpenWrt Head で IPv4 only の環境で docker 配下で動かすとなぜか wget が IPv6 でバインドしようとして 'Failed to establish connection' | |||
ネットワークの設定も間違いがないのがだ、IPv6 で bind しにいく。もちろん wget -4 では正常。uclient-fetch が wget の正体。 | |||
ホストOS側で完全にIPv6を停止すれば大丈夫だが。 | |||
強引な解決法 | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
mv /bin/wget /bin/wget.orig | |||
cat <<EOF > /bin/wget | |||
#/bin/ash | |||
/bin/wget.orig -4 \$* | |||
EOF | |||
chmod +x /bin/wget | |||
</syntaxhighlight> | |||
==security== | |||
ホストで制限したほうがよさそう | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
sudo sysctl -w kernel.dmesg_restrict=1 | |||
sudo sysctl -w kernel.kptr_restrict=1 | |||
sudo sysctl -w kernel.yama.ptrace_scope=0 | |||
</syntaxhighlight> | </syntaxhighlight> | ||